Guest

Preview Tool

Cisco Bug: CSCvr95419 - NCS1004: KE SA not up with default policy when user-defined policy exist for other SA

Last Modified

May 29, 2020

Products (1)

  • Cisco Network Convergence System 1000 Series

Known Affected Releases

7.1.1.BASE

Description (partial)

Release-note

Symptom:
[Applicable only for NCS1004 when ODU controllers are configured with L1-Encryption]

Failed to bring up IKEv2 SA with default ikev2 policy between two ODU controllers

and no syslogs seen for IKEv2-6-SA_UP and OTNSEC-2-SESSION_SECURED 

Example:

%SECURITY-IKEv2-6-SA_UP : local:192.168.1.2:500/remote:192.168.1.1:500/i_vrf:0/f_vrf:0 IKEv2 SA UP as Initiator (I:0xC219E3EC149FFC10, R:0x2D7E64430801A390)

%SECURITY-OTNSEC-2-SESSION_SECURED : Controller ODU40/3/0/0/1, Otnsec session secured

Conditions:
When some of the ODU controllers are configured to bring up IKEv2 SA with user-defined policy 
and others with default IKEv2 policy.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.